Compiling a list of Truecrypt alternatives

With the Truecrypt project abandoned, I see a lot of clamoring in comment sections about suitable alternatives... but confusion as to what is available. This forum post is an attempt to sift through the more popular options, and provide some basic info on their capabilities. I will post audit info as well if I come across any (or if you mention it in a post).

Suggestions are welcome! I will add them to the list in the below format. You can use the template I have below, or just put in a blurb with what you know and I will add it in when I get the chance.

Notes:TruPax allows you to create and extract truecrypt containers, similar to an archiving utility. It does not manage mounting of truecrypt volumes. It also only supports containers with certain formats and algorithms.

Notes:EncFS works differently from Truecrypt in that it does not encrypt and mount volumes or "containers", but instead watches a designated folder, and encrypts/decrypts the individual files as-needed using your specified key. This makes encrypted content more resistant to bitrot (as one bad bit can destroy an entire truecrypt container). It also makes for a more "cloud-friendly" encryption option, as you will be syncing only modified files and not the entire container. The tradeoff is that others can see how many files are encrypted in your folder (though not their names or contents). Many cloud-based encryption services seem to borrow from encFS in their methodology.How to Encrypt Cloud Storage on Linux and Windows with EncFSBlog post: EncFS & Dropbox for Linux/Android/Windows/MacOSX

Description: Basic file encryption/decryption tool available on a variety of platforms.License: none found (Free and Open Source) Supported ciphers: AES-256Encryption layer: file-basedPlatform Support: (please indicate if support is limited or experimental)

Notes:Aes crypt is a basic file encryption/decryption tool. It is a command-line client, with GUI support provided via context menu integration (ie. right-click a file + "encrypt"). This suite would be more suitable for one-off secure file transfer, or deep storage of sensitive files. Files are not encrypted or decrypted in-place; you will be generating a new file that is encrypted/decrypted each time.

Description: A commercial offering with a focus on encrypting local files that are then synced to the cloud storage provider of your choice. Basic version is free; full versions require yearly subscription.License: CommercialSupported ciphers: AES-256Encryption layer: file-basedPlatform Support:

Windows: yes

MacOS: yes

Chrome: yes (beta)

iOS: yes

Windows Phone: yes

Linux/Unix: limited (only if using boxcryptor classic)

Android: yes

Blackberry 10: yes

Cloud friendly?: yes, all major providers + WebDAV storage

Notes:There are actually two versions of boxcryptor- the older, "classic" version used encFS under the hood, and could even be used to decrypt existing encFS folders. The new 2.0 version uses something different that is not backwards-compatible. Version 2 also requires a user account, and keys are stored on a Boxcryptor server (enables user/group sharing of encrypted files).

Description: A commercial, cross-platform program that allows you to create and mount encrypted containers similar to Truecrypt. The software is trialware, and currently $60 to buy.License: Commercial, closed-sourceSupported ciphers: AES-256, Blowfish, CAST, GOST, 3DES, Serpent, TwofishEncryption layer: Volume/File (encrypted containers)Platform Support:

Windows: yes

MacOS: yes

Linux/Unix: yes

Android: no

iOS: no

Cloud friendly?: yes

Notes:It works very similar to Truecrypt, allowing you to create virtual containers which you then mount like drives. According to its feature list, it supports "Enhanced Hidden Containers" which function similar to Truecrypt's "Hidden Volume" feature. Full disk encryption is provided by a separate product; this one focuses on containers.

File-based encryption; encrypted files can be opened directly. You can also encrypt a file into a self-decrypting .exe container, so the receiving party doesn't need axcrypt (similar to a self-extracting zip archive.)

If I'm reading docs correctly, it uses Disk Utility to create its encrypted containers, but it provides an easy interface to manage them with, and tighter integration with OS features like TimeMachine.

luksus is a user-friendly wrapper around tcplay,cryptsetup, and some other encryption tools. It provides a menu-based GUI on the command line that automates all of the dirty work of for creating and managing truecrypt volumes, among other encryption formats.

Does anyone have an alternative that can do TC's slackspace encryption, where an alternate password will "decrypt" the image with contents that had been stored in the slack space?

I've been looking for something that can do this and is cross-platform. Haven't found a thing.

I figure full-volume encryption is already on by default on iOS, is easily doable on Windows, Linux and OS X, so the three categories are: file at rest encryption, file in transit encryption, and plausible deniability encryption/steganography.

What I'd really like is a cross-platform solution that can create sliced images, to improve backups/cloud hosting while protecting the files.

Does anyone have an alternative that can do TC's slackspace encryption, where an alternate password will "decrypt" the image with contents that had been stored in the slack space?.

If you are referring to the "hidden volume" feature of Truecrypt, I'm not aware of any. There may be some on the market, but they are likely proprietary solutions that cost your left kidney and your firstborn. Truecrypt really spoiled a lot of people, because it filled its niche well enough that nobody bothered making anything with comparable features... especially something that was cross-platform.

Of note, zfs can be stacked on top of geli. Geli also supports encrypting the root partition. While I assume the desktop userbase is small, this is handy if you need to encrypt whatever lives on your file server.

Does anyone have an alternative that can do TC's slackspace encryption, where an alternate password will "decrypt" the image with contents that had been stored in the slack space?

Bestcrypt(Mac/Windows/Linux) has "enhanced hidden containers" that allows alternate password access into a container. I think if you use the 'main' password and edit something in the normal container then hidden part has the potential to be corrupted (but that happens in truecrypt too).

Uses scrypt to encrypt long random passwords to AES-256 sparsebundles. Each master password protects a list of encrypted folders (and their passwords). Enter a different password and you'll see a different list of folders (one of several layers of plausible deniability).

That's basically equivalent to walking up to the NSA office and giving them a hard drive with all your data (unencrypted) and your passphrase, then dropping the above in a parking lot in a sketchy part of town. This is all assuming that the "online crypters" are server side (even so, it's a bad idea).

That's basically equivalent to walking up to the NSA office and giving them a hard drive with all your data (unencrypted) and your passphrase, then dropping the above in a parking lot in a sketchy part of town. This is all assuming that the "online crypters" are server side (even so, it's a bad idea).

Description: A fork of Truecrypt 7.1a widely viewed as the successor to Truecrypt, under active development as of 2015. Author has worked on modernizing the app with security fixes and code rewrites, while expanding functionality in other ways.License: Apache 2.0 as of 2015Supported ciphers: AES, Serpent, Twofish, CascadesEncryption layer: volumes/containersPlatform Support:

Audits: None directly, though the project is based on Truecrypt 7.1a, which was the subject of the Open Crypto Audit. The first security fixes were based on the findings of this audit.

Notes:Initial versions were not Truecrypt-compatible, but newer versions have re-implemented Truecrypt container support, as well as the ability to convert Truecrypt volumes to Veracrypt format. In its current state, it can function as a drop-in replacement for Truecrypt.